Trend hit by UPX vulnerability

Compression handling issue affects swathe of products.

A wide range of Trend Micro security products are affected by a flaw in the handling of files compressed with UPX, which could be exploited to shut down the product or even access a machine remotely. An update is available to circumvent the problem.

VB100

The buffer overflow vulnerability was pointed out to Trend in mid-January, and has now been disclosed following the release of a pattern file to fix the hole. Affected products include flagship OfficeScan and PC-cillin scanners, as well as various mail and network security products including Linux and NetWare offerings.

Trend's announcement of the problem, along with the fix, is available here. An alert from iDefense is here, and another from Secunia here.

A second and less significant vulnerability, exploitable only from the local system, has also been reported in the Anti-Rootkit module included in several Trend products. This flaw has also been fixed with an upgrade, and details are again available from Trend, iDefense or Secunia. Trend users are advised to ensure both fixes are applied as soon as possible.

08 February 2007

Tags:    del.icio.us  digg this! digg this

Quick Links

Poll

When do you install software updates?
As soon as they are released
As soon as I have some time
I take my time, but I always install them eventually
Only when I feel it is absolutely necessary
Never
Leave a comment
View 12 comments
Jobs Career Sidebar
Twitter Feed

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago

virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago

Malware Prevalence

Autorun |########|
Conficker/Downadup |######|
VB |#####|
Agent |#####|
FakeAlert/Renos |####|
 View this month's full report
Virus Bulletin currently has 208,224 registered users.